Modern weapons systems include ordnance that is both large and small. Large ordnance includes anti-aircraft, anti-ship, and anti-missile missiles, for example. Large ordnance is often expensive, and therefore includes guidance technology to ensure that it strikes its target. This guidance technology has been moving into small ordnance, such as small weaponized unmanned aerial vehicles (UAVs) and unpowered, steerable ordnance launched from conventional guns or railguns. However, smaller ordnance does not have the same space, power, or budgetary availability as large ordnance, so providing guidance systems is challenging.
NSA recently introduced the notion of Cryptographic High Value Product (CHVP) and allowed operational key material (keys used to encrypt/decrypt operational messages) to be generated within the crypto system itself rather than being generated within NSA and transferred to the operational environment.
CHVP is a designation used to identify assets that have high value, and which may be used to encrypt/decrypt secure communications, but which do not retain or store any classified information. When disconnected from the secure communication network, the CHVP equipment may be handled with a lower level of controls than required for COMSEC equipment. Because CHVP devices employ Suite B cryptographic algorithms as discussed at https://www.nsa.gov/ia/programs/suiteb_cryptography, they are categorized as non-Cryptographically Controlled Items (non-CCI). This is critical for their use in guided weapons, as such devices would be unrecoverable, for example, if the weapon failed to detonate.
CHVP implementations differ operationally from traditional cryptographic systems in that the users do not load operational keys from a CCI key fill device. Rather, the operational keys are generated from within the crypto system itself. The elements of the crypto system exchange operational keys and authenticate themselves to each other using asymmetric encryption techniques (e.g., Diffie-Hellman key exchange and digital signatures) where the asymmetric key pairs are provided using NSA certified Public Key Infrastructure (PKI). Generally speaking, CVHP devices are considered unclassified when unkeyed but when keyed assumes the classification level equal to that of the keying material used. NSA KG-84A and KG-84C cryptographic devices are examples of CCI devices that are considered unclassified when unkeyed. The IPS-250 CHVP High-Speed IP Network Encryptor from ViaSat is an example of a non-CCI cryptographic device that complies with NSA CHVP Suite B.
The Air Force Lifecycle Management Center (AFLCMC), Cryptologic Systems Division (CPSD), COMSEC Products Branch (HNCC), Joint Base San Antonio-Lackland, Tex., recently sought feedback from Industry on several requirements documentation for a Suite B based, NSA Type 1 (available and under development) certified or certifiable Mini Cryptographic (MC) devices for Secret and Below information protection. The cryptographic device will need to be capable of meeting highly optimized Size, Weight, and Power (SWaP) constraints while supporting modest data throughput. AFLCMC/HNCC envisions MC to be an embeddable module, however alternate solutions may be considered for installation. Embedment/installation will be required to operate within a system employing advanced electronic technology.
Moreover, the Department of Defense has issued a policy that requires communications to weaponized platforms and actively guided ordnance to be protected by NSA-certified Type 1 cryptographic devices. For example, DoD Instruction 54660.04 27 Jul. 2011—Subject: Encryption of Imagery Transmitted by Airborne Systems and Unmanned Aircraft Control Communications states that “Aircraft control communications of UAS' that carry kinetic weapons shall be encrypted with NSA/CSS certified Type 1 encryption” and also states that telemetry used to test actively guided ordnance (AGO) devices is likely to be classified, and can be expected to fall under this directive.
However, available Type 1 cryptographic devices are unsuitable in smaller guided ordnance, for a number of reasons. First, as cryptographically controlled items, they must be under positive physical control, or otherwise inaccessible to unauthorized entities, at all times, and this is impractical for smaller ordnance. Second, such devices are clearly not suitable to weaponized UAVs or other small guided ordnance, because there is an unacceptable risk that the crypto device would become physically accessible to an adversary in case of a failed detonation. Third, while existing devices may be useful for larger ordnance, they are too large to be embedded into a small guided round. Finally, existing systems must obtain encryption and decryption keys and related cryptographic data directly from the NSA, or obtain credentials from the Department of Defense. Once ordnance has been programmed with these keys, it cannot be changed for security reasons. These keys are typically signed using a certificate designed to expire after a period of time, with expiration of the certificate rendering useless any ordnance that has been programmed with the outdated keys, thereby incurring large logistical costs.
There is therefore a need for a small, low-power, security-certifiable system for controlling actively guided ordnance.